4 matches found
Directory Traversal
Overview mongrel is an A small fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps. Affected versions of this package are vulnerable to Directory Traversal via the DirHandler function in lib/mongrel/handlers.rb. An attacker can read arbitrary files by sending an HTTP reques...
Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
Directory traversal
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...